The organization policy constraint definition.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field | |
googleDefinedConstraint | The definition of the canned constraint defined by Google. |
customConstraint | The definition of the custom constraint. |
Constraint
The definition of a constraint.
JSON representation |
---|
{ "name": string, "displayName": string, "description": string, "constraintDefault": enum ( |
Fields | |
---|---|
name | The unique name of the constraint. Format of the name should be * For example, |
displayName | The human-readable name of the constraint. |
description | Detailed description of what this |
constraintDefault | The evaluation behavior of this constraint in the absence of 'Policy'. |
Union field Immutable after creation. | |
listConstraint | Defines this constraint as being a ListConstraint. |
booleanConstraint | Defines this constraint as being a BooleanConstraint. |
ConstraintDefault
Specifies the default behavior in the absence of any Policy for the Constraint. This must not be CONSTRAINT_DEFAULT_UNSPECIFIED.
Enums | |
---|---|
CONSTRAINT_DEFAULT_UNSPECIFIED | This is only used for distinguishing unset values and should never be used. |
ALLOW | Indicate that all values are allowed for list constraints. Indicate that enforcement is off for boolean constraints. |
DENY | Indicate that all values are denied for list constraints. Indicate that enforcement is on for boolean constraints. |
ListConstraint
A Constraint that allows or disallows a list of string values, which are configured by an organization's policy administrator with a Policy.
JSON representation |
---|
{ "supportsIn": boolean, "supportsUnder": boolean } |
Fields | |
---|---|
supportsIn | Indicates whether values grouped into categories can be used in |
supportsUnder | Indicates whether subtrees of Cloud Resource Manager resource hierarchy can be used in |
BooleanConstraint
This type has no fields.
A Constraint that is either enforced or not.
For example, take the constraint constraints/compute.disableSerialPortAccess: if it is enforced on a VM instance, serial port connections will not be opened to that instance.
CustomConstraint
The definition of a custom constraint.
JSON representation |
---|
{ "name": string, "resourceTypes": [ string ], "methodTypes": [ enum ( |
Fields | |
---|---|
name | Name of the constraint. This is unique within the organization. Format of the name should be * Example: "organizations/123/customConstraints/custom.createOnlyE2TypeVms" |
resourceTypes[] | The resource instance type to which this policy applies. Format will be of the form : " |
methodTypes[] | All the operations being applied for this constraint. |
condition | Organization Policy condition/expression. For example: |
actionType | Allow or deny type. |
displayName | One line display name for the UI. |
description | Detailed information about this custom policy constraint. |
MethodType
The operation on which this constraint will be applied. For example: if the constraint applies only when creating VMs, the methodTypes will be "CREATE" only. If the constraint applies when creating or deleting VMs, the methodTypes will be "CREATE" and "DELETE".
Enums | |
---|---|
METHOD_TYPE_UNSPECIFIED | Unspecified. Will result in a user error. |
CREATE | Constraint applied when creating the resource. |
UPDATE | Constraint applied when updating the resource. |
DELETE | Constraint applied when deleting the resource. |
REMOVE_GRANT | Constraint applied when removing an IAM grant. |
GOVERN_TAGS | Constraint applied when enforcing forced tagging. |
ActionType
Allow or deny type.
Enums | |
---|---|
ACTION_TYPE_UNSPECIFIED | Unspecified. Will result in a user error. |
ALLOW | Allowed action type. |
DENY | Deny action type. |
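
A lint for CustomConstraint objects built from the fields and enums listed above, as an added example (not Google's code and not part of the API). The name pattern is inferred from the page's one example, the required-field checks and the function name `lint_custom_constraint` are assumptions, and the sample objects are constructed.

```python
import re

# Enum members listed on this page. The *_UNSPECIFIED members are left out
# because the page says they result in a user error.
METHOD_TYPES = {"CREATE", "UPDATE", "DELETE", "REMOVE_GRANT", "GOVERN_TAGS"}
ACTION_TYPES = {"ALLOW", "DENY"}
# Assumption: name shape inferred from the page's single example.
NAME_RE = re.compile(r"^organizations/\d+/customConstraints/custom\.[\w.-]+$")

def lint_custom_constraint(cc):
    """Return (errors, warnings) for one CustomConstraint dict."""
    errors, warnings = [], []
    name = cc.get("name")
    if not isinstance(name, str) or not NAME_RE.match(name):
        errors.append("name: expected organizations/<id>/customConstraints/custom.<id>")
    rtypes = cc.get("resourceTypes")
    if not (isinstance(rtypes, list) and rtypes
            and all(isinstance(r, str) and r for r in rtypes)):
        errors.append("resourceTypes: expected a non-empty list of strings")
    methods = cc.get("methodTypes")
    if not isinstance(methods, list) or not methods:
        errors.append("methodTypes: expected a non-empty list")
        methods = []
    for m in methods:
        if not isinstance(m, str) or m not in METHOD_TYPES:
            errors.append(f"methodTypes: {m!r} is unspecified or unknown")
    action = cc.get("actionType")
    if not isinstance(action, str) or action not in ACTION_TYPES:
        errors.append(f"actionType: {action!r} is unspecified or unknown")
    cond = cc.get("condition")
    if not isinstance(cond, str) or not cond.strip():
        errors.append("condition: expected a non-empty expression string")
    # Coverage gap: evaluated when the resource is created, but not when it
    # is later updated.
    if "CREATE" in methods and "UPDATE" not in methods:
        warnings.append("methodTypes: CREATE without UPDATE, updates are not evaluated")
    return errors, warnings

# Constructed samples; the resource type and condition text are placeholders.
GOOD = {"name": "organizations/123/customConstraints/custom.createOnlyE2TypeVms",
        "resourceTypes": ["compute.googleapis.com/Instance"],
        "methodTypes": ["CREATE", "UPDATE"], "actionType": "ALLOW",
        "condition": "<condition expression placeholder>"}
BAD = {"name": "customConstraints/createOnlyE2TypeVms", "resourceTypes": [],
       "methodTypes": ["CREATE", "METHOD_TYPE_UNSPECIFIED"],
       "actionType": "ACTION_TYPE_UNSPECIFIED", "condition": ""}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample["name"], lint_custom_constraint(sample))
```

The CREATE-without-UPDATE warning is a review prompt rather than an error: some constraints are meant to apply at creation only.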